AppXDeploymentClient[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

AppXDeploymentClient.dll
Size

770KB
MD5

ae0d060528fdab15bd29b65412ae9289
SHA1

40457842ad7d0c17e2061a7bab88c33dbc222b72
SHA256

8a69e4cf21d52e6122bb8fe88634a92c0f680f387d24562370f31f4d2e247c24
SHA512

a6b620607501efb8b8427a3aaddd540da8bd0d9c4bd8572dc294f36456317b1ac11b237b829d9248d66f981eba1cdd6cb5e1e8c12a8736321134c8e4ec2d37b3
SSDEEP

12288:G5xGDIspqst0q5JZ2hfsUtemn3sguj5NQeUNSvS0QKUAmSDeSEHOeKx:r7JZ2XTn3A8emKUAmxXue4

Score

1^/10

Malware Config

Signatures

Files

AppXDeploymentClient.dll
.dll windows:10 windows x86 arch:x86

94547d525d14b87c39c9fd7d3f5e8e89

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:c0:47:04:b3:bb:33:2f:52:ab:17:b3:a7:c4:5c:4e:52:ea:aa:05:a1:a9:e7:98:7a:d2:de:07:02:00:14:b6
Signer

Actual PE Digest

b8:c0:47:04:b3:bb:33:2f:52:ab:17:b3:a7:c4:5c:4e:52:ea:aa:05:a1:a9:e7:98:7a:d2:de:07:02:00:14:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AppXDeploymentClient.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

memmove_s
memset

ntdll

RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtQuerySystemInformation
RtlReportException
RtlIsMultiUsersInSessionSku
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
NtQueryInformationProcess
RtlAllocateHeap
NtSetInformationThread
RtlNumberGenericTableElementsAvl
RtlFreeHeap
NtSetInformationVirtualMemory
RtlInitializeSRWLock
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlAllocateAndInitializeSid
NtUnmapViewOfSection
NtMapViewOfSection
RtlNtStatusToDosErrorNoTeb
NtClose
NtCreateSection
EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlFreeSid
RtlAllocateWnfSerializationGroup
RtlSubscribeWnfStateChangeNotification
NtQueryInformationFile
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosError
NtQueryInformationThread
RtlInitUnicodeString
RtlCompareUnicodeString
RtlInitializeGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlDowncaseUnicodeString
RtlEnumerateGenericTableWithoutSplayingAvl
RtlLookupElementGenericTableAvl
RtlQueryPackageClaims
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
LoadLibraryExA
LoadStringW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FreeLibrary

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
CreateEventW
OpenSemaphoreW
WaitForSingleObjectEx
LeaveCriticalSection
ResetEvent
CreateEventExW
ReleaseSRWLockShared
SetEvent
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
SleepEx
ReleaseMutex
WaitForSingleObject
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
FreeLibraryWhenCallbackReturns
CloseThreadpoolTimer
CreateThreadpoolWork
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolWorkCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
SetThreadToken
GetProcessId
OpenProcessToken
GetCurrentThread
OpenThreadToken
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

rpcrt4

CStdStubBuffer_Connect
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_Invoke
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
I_RpcExceptionFilter
CStdStubBuffer_CountRefs
UuidCreate
UuidToStringW
RpcServerInqCallAttributesW
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
RpcAsyncInitializeHandle
CStdStubBuffer_Disconnect
RpcAsyncCancelCall
RpcAsyncCompleteCall
RpcBindingBind
NdrClientCall4
RpcStringFreeW
NdrAsyncClientCall2
RpcBindingCreateW
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer2_Release
RpcBindingUnbind
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient9
ObjectStublessClient8
ObjectStublessClient6
NdrProxyForwardingFunction5
NdrProxyForwardingFunction4
ObjectStublessClient26
ObjectStublessClient10
ObjectStublessClient19
CStdStubBuffer2_QueryInterface
ObjectStublessClient16
ObjectStublessClient13
ObjectStublessClient21
CStdStubBuffer2_Connect
ObjectStublessClient24
ObjectStublessClient12
ObjectStublessClient14
ObjectStublessClient11
CStdStubBuffer2_CountRefs
ObjectStublessClient25
ObjectStublessClient17
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient27
ObjectStublessClient18
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Disconnect
ObjectStublessClient7
NdrProxyForwardingFunction3

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoSetErrorReportingFlags
RoTransformError
RoOriginateError

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CoTaskMemAlloc
CoIncrementMTAUsage
CoGetApartmentType
CoMarshalInterface
CoCreateFreeThreadedMarshaler
StringFromGUID2
CoTaskMemFree
CoGetCallContext
CoDecrementMTAUsage
CoCreateInstance
CoGetCallerTID
CoUninitialize
CoInitializeEx
CoRevertToSelf
CreateStreamOnHGlobal
CoImpersonateClient

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled
EventUnregister
EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal
CompareStringEx

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemInfo
GetLocalTime
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoUninitialize
RoInitialize
RoActivateInstance

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetDiskFreeSpaceExW
CompareFileTime
GetFileSizeEx
GetDiskFreeSpaceW
GetFileAttributesW
FindClose
DeleteFileW
GetDriveTypeW
CreateFileW
GetFullPathNameW
WriteFile
SetFileAttributesW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
GetVolumePathNameW

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-security-lsalookup-l1-1-0

LsaLookupOpenLocalPolicy
LsaLookupGetDomainInfo
LsaLookupFreeMemory
LsaLookupClose

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-file-l1-2-0

GetTempPathW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-path-l1-1-0

PathAllocCanonicalize
PathCchCombine
PathCchSkipRoot
PathCchRemoveBackslash

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx
NotifyServiceStatusChangeW

api-ms-win-service-management-l1-1-0

StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualProtect
MapViewOfFile
CreateFileMappingW
VirtualQuery

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AppInstallerUpdateAllTask
AppxAddPackageToAllUserStoreForPbr
AppxCleanupOrphanPackages
AppxCleanupSystemAppsMigratedToFOD
AppxCleanupWCIReparsePoints
AppxCreateSharedLocalFolder
AppxCreateSharedLocalFolderForFamilyName
AppxDeletePackageFiles
AppxDestagePackage
AppxDoesSharedLocalFolderExistForFamilyName
AppxGetPackageInstalledLocation
AppxGetStagedPackageFullNameFromFamilyName
AppxIsStagedPackageStoreSigned
AppxPackageRepositoryRecoverStagedPackages
AppxPackageRepositoryRecoverUserInstalls
AppxPreRegisterAllInboxPackages
AppxPreRegisterPackage
AppxPreStageCleanupRunTask
AppxRecoverUserInstallsForUpgrade
AppxRegisterPackage
AppxRemoveAllPackagesForUserSid
AppxRemovePackageForAllUsers
AppxRemovePackageForUserSid
AppxRequestRemovePackageForUser
AppxStagePackage
AppxValidatePackages
AppxValidatePackagesWithOptions
CheckAppInstallerUpdateAvailability
CheckComCallerHasCapabilities
CheckForUpdatesAndWaitForInstallerIfNeeded
CleanupProfileForUser
ClientDeleteAllPackagesFromMainPackageArray
ClientGetAllPackagesToBeInstalledForUser
CreateCanonicalPriFile
DeleteApplicabilityInfoArray
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
EnsurePackageFamiliesAreRegisteredInContainer
EnsurePackageFamilyIsRegisteredBeforeActivation
FixJunctionsForAppsIfNecessary
GeneratePreInstalledPriFiles
GetApplicability
GetApplicability2
GetApplicability4
GetApplicability5
GetBundleApplicablePackages
GetMetadataRootForPackage
GetNotificationPayload
GetNotificationPayloadForUser
GetPackageApplicabilityForUserLogon
GetPackageRegistrationStatusForUser
GetPackageRegistrationStatusForUserAndDefaultAccount
HasPackageFamilyBeenRegisteredForUser
IsPackageInstalled
IsPackageMetadataUnderSystemMetadata
IsSharedAppsEnabled
MsixPackageVolumeIsRepairNeeded
MsixPackageVolumeRepair
NotifyPackageStatusChanged
PopulateProtocolAndFTA
PreRegisterPackagesInContainer
RDSRecoverRequests
ReArmAppxPreStageCleanupTask
RegisterNotification
RegisterNotificationForUser
RemovePackageFromContainer
RepairPackageFileAcls
RequestContentGroups
RequestContentGroupsForFullTrust
UnregisterNotification
UnregisterNotificationForUser
UpdateAgentCancelAllDownloads
UpdateAgentCreateDownload
UpdateAgentFreeDownloadRanges
UpdateAgentGetDownloadRanges
UpdateAgentGetDownloadingPackageCount
UpdateDataSourceAddRange
UpdateDataSourceCancelRun
UpdateDataSourceRegister
UpdateDataSourceRun
VerifyPackage

Sections

.text
Size: 681KB - Virtual size: 681KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94547d525d14b87c39c9fd7d3f5e8e89

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

b8:c0:47:04:b3:bb:33:2f:52:ab:17:b3:a7:c4:5c:4e:52:ea:aa:05:a1:a9:e7:98:7a:d2:de:07:02:00:14:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-security-lsalookup-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-path-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 681KB - Virtual size: 681KB

.data Size: 2KB - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 11KB

.didat Size: 1024B - Virtual size: 856B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 41KB - Virtual size: 40KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b8:c0:47:04:b3:bb:33:2f:52:ab:17:b3:a7:c4:5c:4e:52:ea:aa:05:a1:a9:e7:98:7a:d2:de:07:02:00:14:b6
Signer

.text
Size: 681KB - Virtual size: 681KB

.data
Size: 2KB - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 1024B - Virtual size: 856B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 41KB - Virtual size: 40KB